Colorado just made a major pivot on artificial intelligence regulation, and employers using AI tools in hiring, promotion, performance management, or other employment decisions should pay attention.
On May 14, 2026, Colorado Governor Jared Polis signed S.B. 26-189, which substantially rewrites Colorado’s earlier artificial intelligence law. The amended law delays the effective date to January 1, 2027 and significantly reduces several of the heavier employer obligations that were included in the original version.
In plain English: Colorado did not abandon AI regulation, but it did move away from the earlier, more burdensome framework. For employers, this is a welcome compliance breather. But it is not a free pass to let the robots run HR. Nobody wants ChatGPT with a badge and a termination letter.
Quick Refresher: What Did Colorado’s Original AI Law Do?
Colorado’s original law, S.B. 24-205, was one of the first broad state laws regulating high-risk artificial intelligence systems. It applied to AI systems used in consequential decisions, including employment, housing, education, financial services, insurance, healthcare, and government services.
For employers, the original law raised significant concern because it included obligations tied to “high-risk” AI tools used in employment decisions. These obligations included risk management policies, impact assessments, annual reviews, consumer notices, appeal rights, and measures to reduce algorithmic discrimination risk.
That original framework was scheduled to take effect in 2026, but Colorado lawmakers ultimately replaced it with a narrower approach.
What Changed Under the Amended Law?
The amended law moves away from the prior “high-risk artificial intelligence system” structure and instead focuses on automated decision-making technology, or ADMT, that is used to materially influence consequential decisions. Norton Rose Fulbright explains that the revised law removes the prior terminology around “high-risk artificial intelligence systems” and no longer uses the phrase “artificial intelligence” as the central trigger.
This is a big shift.
Rather than regulating AI broadly, the amended law focuses more specifically on technology that processes personal data to generate recommendations, rankings, or scores used to make decisions about individuals. Employment decisions are still included within the definition of consequential decisions, meaning employers are still in the zone if they use ADMT in hiring or other employment-related decisions.
Why Employers Should Care
Many employers already use technology in HR processes, sometimes without fully thinking of it as “AI.” Examples may include:
Applicant screening tools
Resume-ranking software
Automated interview scheduling or scoring tools
Video interview analytics
Skills assessments with automated recommendations
Internal promotion matching tools
Performance analytics platforms
Productivity or workforce management systems
Compensation recommendation tools
The amended Colorado law may be narrower, but employers should still ask a practical question: Are we using a tool that materially influences an employment decision?
If the answer is yes, the employer may have obligations under the new law once it takes effect.
The New Law Substantially Reduces Employer Burdens
The biggest employer-friendly development is that Colorado removed several of the most complex requirements from the original law.
The revised law eliminates the prior duty-of-care framework tied to algorithmic discrimination, as well as requirements for annual impact assessments and formal risk management programs.
Littler summarizes the revised employer obligations as being centered around three main actions: provide clear notice, create a structured adverse-action and human-review process, and retain relevant records for at least three years.
That is a much more focused compliance model than the original version.
For HR teams, this likely means less emphasis on building a full AI governance program from scratch and more emphasis on transparency, documentation, and human review when automated tools affect employment decisions.
Notice Will Still Matter
Under the amended law, deployers of covered ADMT must provide clear and conspicuous notice when the technology is or will be used in a consequential decision. The notice obligation can be satisfied through a prominent public notice that is reasonably accessible at points of consumer interaction.
For employers, this may mean reviewing where applicants and employees interact with AI-enabled tools.
For example, notice may be needed in:
Online job applications
Applicant tracking systems
Career pages
Assessment platforms
Employee portals
Internal mobility tools
Performance or promotion systems
The practical takeaway: if a person is interacting with a process where ADMT may materially influence an employment outcome, the employer should be thinking about whether the notice is clear, accessible, and understandable.
Adverse Decisions May Require Explanation and Human Review
The amended law gives individuals rights when a consequential decision results in an adverse outcome and covered ADMT materially influenced that decision. This may include a post-decision disclosure and an opportunity for meaningful human review.
In the employment context, this could matter when an applicant or employee is rejected, screened out, denied an opportunity, or otherwise negatively affected by an automated recommendation, ranking, or score.
Employers should prepare for questions like:
What role did the tool play in the decision?
Was the tool only one factor, or did it materially influence the outcome?
Can the applicant or employee understand the basis for the decision?
Is there a real human review process, or just a rubber stamp?
Who conducts the review?
How is the review documented?
The “human review” piece is especially important. A process is not meaningful if a human merely clicks approve without evaluating the facts. HR should be prepared to show that a real person reviewed the decision and had authority to change the outcome where appropriate.
Record Retention Is Still a Key Compliance Issue
Littler notes that the amended law requires retention of relevant records for at least three years.
That means employers should not treat AI-enabled employment decisions as a black box. If a tool materially influences a decision, the employer should be able to preserve enough information to explain what happened.
Relevant records may include:
The tool used
Vendor documentation
Notices provided
Decision criteria
Scores, rankings, or recommendations
Human review documentation
Adverse action explanations
Applicant or employee requests for review
Final decision records
Communications with the vendor
Employers should also check whether their vendors retain this information and whether the employer can access it when needed. A recordkeeping obligation is not very useful if the vendor says, “Oops, we don’t store that.” Very not cute.
Vendor Contracts Need a Fresh Look
The amended law imposes separate obligations on developers and deployers of covered ADMT. Developers may be required to provide deployers with documentation describing the system and material updates or modifications.
Employers are usually deployers when they use third-party HR technology. That means vendor contracts should be reviewed before January 1, 2027.
Employers should consider whether vendor agreements address:
What the tool does
Whether the tool is used in employment decisions
Whether it generates recommendations, rankings, or scores
What data the tool uses
How the vendor tests or evaluates the system
What documentation the vendor will provide
How material changes will be communicated
Who handles notices or disclosures
Whether the employer can access decision records
Indemnification or risk allocation
The law may be less burdensome than before, but employers still need cooperation from vendors to comply. HR, legal, IT, procurement, and compliance should all have a seat at this table.
This Is Not Just a Colorado Issue
Even though this is a Colorado law, employers outside Colorado should still pay attention. AI regulation is developing quickly across the country, and employment-related AI tools are a major focus for regulators, plaintiffs’ attorneys, and employee advocates.
Colorado’s rewrite may signal a broader trend toward more targeted AI rules focused on notice, transparency, human review, and recordkeeping rather than broad algorithmic governance programs. Seyfarth describes the revised Colorado law as a streamlined framework focused on transparency and disclosure.
That said, other jurisdictions may take different approaches. Employers with multi-state workforces should avoid building an AI compliance process based on only one state.
What Employers Should Do Now
Employers should use the delayed effective date as planning time, not procrastination time. January 1, 2027 may sound far away until someone asks who owns the AI inventory, and everyone suddenly finds a very important meeting to attend.
Start by inventorying HR technology. Identify any tools used in recruiting, hiring, promotion, performance management, workforce analytics, compensation, scheduling, discipline, or termination decisions.
Next, determine which tools may materially influence employment decisions. Not every automated tool will be covered, but employers need to understand how each tool is used.
Then review vendor contracts and documentation. Ask vendors whether their tools use ADMT, what documentation they provide, how they support disclosures, and what records are retained.
Employers should also draft or update applicant and employee notices, build a human review process for adverse outcomes, and create a recordkeeping protocol.
Finally, train HR, recruiters, and managers. A tool should support decision-making, not replace judgment. The people using the system need to understand its limits.
Bottom Line
Colorado’s amended AI law is a meaningful rollback from the original version, but it is not the end of AI compliance for employers.
The biggest employer takeaways are:
The effective date is now January 1, 2027.
The law now focuses on covered automated decision-making technology rather than the broader “high-risk AI” framework.
Employment decisions remain covered consequential decisions.
Many prior obligations, including annual impact assessments and formal risk management programs, have been removed.
Employers should still prepare for notice, adverse-action explanation, meaningful human review, and three-year record retention obligations.
Vendor contracts and HR technology inventories should be reviewed now.
The smart move is to treat this as a chance to build a practical AI governance foundation. Not oversized. Not scary. Just clear, documented, and human-centered. Because in HR, AI can help with the process, but accountability still belongs to the employer.
Note: This blog post is for informational purposes only and should not be construed as legal advice. Always consult with a legal professional for advice specific to your situation.
Sign-up HERE and Save $200!
- Boss Calls™ – Access to EVERY Boss Call™ – Past & Future.
- HelpDesk for HR VAULT – Access all 15 of our proprietary tools and applications to simplify your workday.
- Forms, Docs, Policies and Procedures Library – 700+ samples you can download and edit to fit your needs.
- U.S. ePoster Club – Download state, city, and local posters for all 50 states & D.C.
- Same-day email support – Write to our team of SPHR and SCP professionals with all your HR questions.
Lisa Smith, SPHR, SHRM – SCP
Certified EEO Investigator (EEOC)
Lead Support and Content Chief – HelpDeskforHR.com
“You cannot be audit-proof, but you can Be Audit-Secure.”